Twitter @TweetThreatNews

Dutch investigators arrested 2 men and seized 800 servers tied to a hosting firm accused of enabling cyberattacks, disinformation, and support for sanctioned Russian and Belarusian entities. #Netherlands #StarkIndustries #THEHosting

2026-05-23 01:40:05 | Cybersecurity News | Link ID:102395
Two former C.A. Cloud executives pleaded guilty to hiding a global tech support scam that used fake pop-ups, impersonation of Microsoft and Apple, and offshore call centers in Tunisia. #CACLoud #Tunisia #Fraud

2026-05-23 01:40:05 | Cybersecurity News | Link ID:102397
Nimbus Manticore (UNC1549) resurfaced during Operation Epic Fury with AppDomain Hijacking, SEO poisoning, and a new backdoor, MiniFast, targeting aviation and software firms across the United States, Europe, and the Middle East. #Iran #UNC1549

2026-05-23 02:30:04 | Threat Research | Link ID:102381
Akira ransomware allegedly targeted GITIS S.r.l. in Russia, threatening to leak 30GB of data including employee details, contracts, financials, client records, projects, and NDAs. #Russia #Ransomware #GITIS

2026-05-23 02:15:02 | Ransom Monitor | Link ID:102383
BMJ Paperpack in Indonesia was hit by a ransomware attack attributed to worldleaks, disrupting system and data access as recovery efforts continue. #Indonesia #Ransomware #Manufacturing

2026-05-23 02:00:06 | Ransom Monitor | Link ID:102385
Semgrep reported a Qilin ransomware incident in the US, causing operational disruption and data compromise. #Semgrep #UnitedStates #Ransomware

2026-05-23 01:45:03 | Ransom Monitor | Link ID:102387
Drupal warns CVE-2026-9082 is already seeing exploit attempts. The flaw can let unauthenticated attackers inject SQL on PostgreSQL sites, with more than 15,000 probes across nearly 6,000 sites. #Drupal #PostgreSQL #Imperva

2026-05-23 01:30:04 | Cybersecurity News | Link ID:102389
Iranian suspects in gas station tank monitor breaches, exposed CISA contractor credentials, a Huawei router flaw hit Luxembourg telecom, and Four-Faith routers are under active exploitation. #Iran #CISA #Huawei

2026-05-23 01:15:03 | Cybersecurity News | Link ID:102391
Ghostwriter targets Ukrainian government entities with Prometheus-themed phishing, deploying OYSTERFRESH, OYSTERBLUES, OYSTERSHUCK, then Cobalt Strike. Also tied to AI scouting and pro-Kremlin propaganda. #Ukraine #Ghostwriter #Prometheus

2026-05-23 01:00:05 | Cybersecurity News | Link ID:102393
ZionSiphon is a .NET OT implant posing as a SCADA security patch for Israeli water systems. It has persistence, escalation, and sabotage logic, but a bug breaks geographic validation and ICS execution. #Israel #SCADA #OTSecurity

2026-05-23 00:45:03 | Threat Research | Link ID:102379
Unit 42 links Iran-nexus Screening Serpens to a multi-stage espionage campaign using six new RATs, tailored lures, DLL sideloading, and AppDomainManager hijacking against U.S., Israel, and UAE targets. #Iran #Israel #UAE

2026-05-23 00:30:05 | Threat Research | Link ID:102367
DragonForce has evolved from RaaS into a cartel-style ransomware ecosystem, linking affiliates, brokers, and coalition activity with Qilin and LockBit for global double-extortion campaigns. #DragonForce #Qilin #LockBit

2026-05-23 00:15:02 | Cyber Attack | Link ID:102377
Trend Micro patched CVE-2026-34926, an Apex One zero-day exploited in the wild. The flaw in on-premises Windows deployments can enable code injection with admin access. CISA added it to the KEV list. #TrendMicro #ApexOne #CISA

2026-05-23 00:00:05 | Cybersecurity News | Link ID:102369
Drupal says attackers are actively exploiting CVE-2026-9082, a critical unauthenticated SQL injection flaw in its database API. Successful attacks could enable remote code execution. #Drupal #PostgreSQL #CVE20269082

2026-05-22 23:45:03 | Cybersecurity News | Link ID:102371
Chargebacks reveal only part of fraud losses. False positives, manual reviews, account takeovers, and abuse can hurt revenue, ops, and trust. Better metrics show the full impact. #Chargebacks #AccountTakeovers #SyntheticIdentityFraud

2026-05-22 23:30:03 | Cybersecurity News | Link ID:102373
Ubiquiti patched five UniFi OS flaws, including 3 max-severity bugs that could allow unauthorized changes, file reads, or command execution on internet-exposed devices. #UniFiOS #Ubiquiti #CVE202634908

2026-05-22 23:15:03 | Cybersecurity News | Link ID:102375
Akira ransomware targeted Buffalo Niagara Convention Center, claiming theft and leak of employee, client, and partner data for 180,000 people, plus contracts and financials. #UnitedStates #Ransomware #Hospitality

2026-05-22 23:00:03 | Ransom Monitor | Link ID:102355
Akira claims a May 2026 ransomware attack on Function Enterprises, with encrypted and exfiltrated data including employee IDs, contracts, client records, financials, and project details in the United States. #UnitedStates #Ransomware #DataLeak

2026-05-22 22:45:02 | Ransom Monitor | Link ID:102357
Thread Innovations, a Canadian technology firm, reportedly suffered unauthorized access to confidential files, including client data, proprietary R&D, and financial records in a ransom incident. #Canada #ThreadInnovations #Ransomware

2026-05-22 22:30:04 | Ransom Monitor | Link ID:102359
Canadian national Jacob Butler, aka "Dort," was arrested and charged in the US for allegedly running the Kimwolf DDoS botnet, tied to multiple records, IPs, and accounts. #Canada #Kimwolf #DDoS

2026-05-22 22:15:03 | Cybersecurity News | Link ID:102361
Megalodon hit 5,561 GitHub repos with malicious CI/CD workflows, pushing 5,718 commits in 6 hours to steal CI secrets, cloud creds, and SSH keys. Related abuse tied to fake Polymarket npm packages. #GitHubActions #SupplyChain #Polymarket

2026-05-22 22:00:03 | Cybersecurity News | Link ID:102363
Windows kernel drivers can remain reachable without the intended hardware. By using software-emulated devices, spoofed IDs, and forced binding, AddDevice may expose exploitable code paths in BYOVD scenarios. #PnpManager #AddDevice #BYOVD

2026-05-22 21:45:02 | Cybersecurity News | Link ID:102365
Hospital Clínic de Barcelona was hit by RansomHouse, which demanded $4.5M to avoid leaking patient data. Catalonia says it will not pay, leaving 4TB of information at risk. #Spain #Ransomware #Barcelona

2026-05-22 20:00:04 | Cyber Attack | Link ID:102353
U.S. and Canadian authorities arrested Jacob Butler in Ottawa over the KimWolf DDoS botnet, which infected nearly 2 million devices and fueled over 25,000 attacks worldwide. #KimWolf #Canada #DDoS

2026-05-22 19:45:03 | Cybersecurity News | Link ID:102351
Cloud Atlas stayed active through 2025-26, hitting government and commercial targets in Russia and Belarus with phishing ZIPs, malicious LNKs, PowerShell loaders, and new tools like VBCloud, RevSocks, and Tor. #CloudAtlas #Russia #Belarus

2026-05-22 19:15:03 | Threat Research | Link ID:102349